Vulnerability Description
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser.
CVSS Score
7.6 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progress | WhatsUp Gold | < 23.1.0 |
Related Weaknesses (CWE)
References
- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December (Vendor Advisory)
- https://www.progress.com/network-monitoring (Vendor Advisory)
FAQ
What is CVE-2023-6364?
CVE-2023-6364 is a vulnerability with a CVSS score of 7.6 (HIGH). In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value with...
How severe is CVE-2023-6364?
CVE-2023-6364 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-6364?
Check the references section above for vendor advisories and patch information. Affected products include: Progress WhatsUp Gold.